Question types

Start with

Question limit

5 Written questions

prevents subjects to writing to objects of a higher integrity level, and reduces the integrity level of a subject if it reads and object of lower integrity level (p35)

list of users or user groups with access authority to a secured object or service

network authentication protocol designed for client/server environment that issues tickets by an authentication server that is trusted by the client and the server the client wishes to access

making different layers of security dissimilar so that even if attackers know how to get through a system made up of one layer, they may not know how to get through a different type of layer. also use different vendor products

control access to internal computers from external entities

5 Matching questions

challenge handshake authentication protocol

integrity levels

digital certificates

role-based access control

layered security

aredundancy of different protection layers ensures there is no single point of failure pertaining to security

bconfirms that a message did indeed come from where it says it comes from

cindicates the level of "trust" that can be placed in information at the different levels, and limit modification as opposed to the flow of information (p35)

dprovides authentication across a point-to-point link using point to point protocol (PPP), also known as a three-way handshake

euser is assigned a set of roles they can perform and roles are assigned access permission necessary to perform tasks associated with the role

5 Multiple choice questions

regulates what a user can do on a system

access control matrix

authentication

access control list

access control

providing something you know, something you have , something about you to prove your identity

mutual authentication

authentication methods

integrity levels

authentication

protection = prevention + (detection + response)

network security

security through obscurity

operational model of computer security

layered security

when implementing authorization, the table specifying which portions of the system users are permitted to access and what actions

authentication methods

access control list

access control matrix

access control

a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity. OS decides if access is granted

5 True/False questions

authentication → process used to verify the computer system or network that the individual is who they claim to be, usually through user ID and password

True False

response technologies → access controls, firewalls, encryption

True False

multifactor → the use of more than one authentication mechanism at a time

True False

keep it simple → network authentication protocol designed for client/server environment that issues tickets by an authentication server that is trusted by the client and the server the client wishes to access